Executing Code in Partial Trust Environments


When building your first .NET web service, you may be in for a rude awakening when you discover the concept of “partial trust.” Your previously bullet-proof code will suddenly fail in a flurry of exceptions thrown by seemingly innocuous commands such as reading files or accessing the Registry. This article provides a brief overview of Code Access Security and describes how to modify and test your code to work in a partial trust environment.
Read the rest of this entry »

SecureString: Safe from Forensics, but not Surveillance


The SecureString class is new in the System.Security namespace with the .NET v2.0 upgrade. SecureString keeps sensitive data encrypted in memory so that it cannot be easily stolen. SecureString plugs a specific security hole but does not guard against all threats while securing information in applications.

Read the rest of this entry »